vulnerability

Ubuntu: (Multiple Advisories) (CVE-2025-38347): Linux kernel vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:L/AC:L/Au:S/C:N/I:N/A:C)	Jul 10, 2025	Jul 14, 2025	Feb 13, 2026

Severity

CVSS

(AV:L/AC:L/Au:S/C:N/I:N/A:C)

Published

Jul 10, 2025

Added

Jul 14, 2025

Modified

Feb 13, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix to do sanity check on ino and xnid

syzbot reported a f2fs bug as below:

INFO: task syz-executor140:5308 blocked for more than 143 seconds.
Not tainted 6.14.0-rc7-syzkaller-00069-g81e4f8d68c66 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor140 state:D stack:24016 pid:5308 tgid:5308 ppid:5306 task_flags:0x400140 flags:0x00000006
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5378 [inline]
__schedule+0x190e/0x4c90 kernel/sched/core.c:6765
__schedule_loop kernel/sched/core.c:6842 [inline]
schedule+0x14b/0x320 kernel/sched/core.c:6857
io_schedule+0x8d/0x110 kernel/sched/core.c:7690
folio_wait_bit_common+0x839/0xee0 mm/filemap.c:1317
__folio_lock mm/filemap.c:1664 [inline]
folio_lock include/linux/pagemap.h:1163 [inline]
__filemap_get_folio+0x147/0xb40 mm/filemap.c:1917
pagecache_get_page+0x2c/0x130 mm/folio-compat.c:87
find_get_page_flags include/linux/pagemap.h:842 [inline]
f2fs_grab_cache_page+0x2b/0x320 fs/f2fs/f2fs.h:2776
__get_node_page+0x131/0x11b0 fs/f2fs/node.c:1463
read_xattr_block+0xfb/0x190 fs/f2fs/xattr.c:306
lookup_all_xattrs fs/f2fs/xattr.c:355 [inline]
f2fs_getxattr+0x676/0xf70 fs/f2fs/xattr.c:533
__f2fs_get_acl+0x52/0x870 fs/f2fs/acl.c:179
f2fs_acl_create fs/f2fs/acl.c:375 [inline]
f2fs_init_acl+0xd7/0x9b0 fs/f2fs/acl.c:418
f2fs_init_inode_metadata+0xa0f/0x1050 fs/f2fs/dir.c:539
f2fs_add_inline_entry+0x448/0x860 fs/f2fs/inline.c:666
f2fs_add_dentry+0xba/0x1e0 fs/f2fs/dir.c:765
f2fs_do_add_link+0x28c/0x3a0 fs/f2fs/dir.c:808
f2fs_add_link fs/f2fs/f2fs.h:3616 [inline]
f2fs_mknod+0x2e8/0x5b0 fs/f2fs/namei.c:766
vfs_mknod+0x36d/0x3b0 fs/namei.c:4191
unix_bind_bsd net/unix/af_unix.c:1286 [inline]
unix_bind+0x563/0xe30 net/unix/af_unix.c:1379
__sys_bind_socket net/socket.c:1817 [inline]
__sys_bind+0x1e4/0x290 net/socket.c:1848
__do_sys_bind net/socket.c:1853 [inline]
__se_sys_bind net/socket.c:1851 [inline]
__x64_sys_bind+0x7a/0x90 net/socket.c:1851
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f

Let's dump and check metadata of corrupted inode, it shows its xattr_nid
is the same to its i_ino.

dump.f2fs -i 3 chaseyu.img.raw
i_xattr_nid [0x 3 : 3]

So that, during mknod in the corrupted directory, it tries to get and
lock inode page twice, result in deadlock.

- f2fs_mknod
- f2fs_add_inline_entry
- f2fs_get_inode_page --- lock dir's inode page
- f2fs_init_acl
- f2fs_acl_create(dir,..)
- __f2fs_get_acl
- f2fs_getxattr
- lookup_all_xattrs
- __get_node_page --- try to lock dir's inode page

In order to fix this, let's add sanity check on ino and xnid.

Solutions

ubuntu-upgrade-linux-image-5-15-0-1038-nvidia-tegra-igxubuntu-upgrade-linux-image-5-15-0-1038-nvidia-tegra-igx-rtubuntu-upgrade-linux-image-5-15-0-1049-nvidia-tegraubuntu-upgrade-linux-image-5-15-0-1049-nvidia-tegra-rtubuntu-upgrade-linux-image-5-15-0-1061-xilinx-zynqmpubuntu-upgrade-linux-image-5-15-0-1080-gkeopubuntu-upgrade-linux-image-5-15-0-1089-intel-iot-realtimeubuntu-upgrade-linux-image-5-15-0-1089-kvmubuntu-upgrade-linux-image-5-15-0-1091-ibmubuntu-upgrade-linux-image-5-15-0-1091-raspiubuntu-upgrade-linux-image-5-15-0-1092-intel-iotgubuntu-upgrade-linux-image-5-15-0-1092-nvidiaubuntu-upgrade-linux-image-5-15-0-1092-nvidia-lowlatencyubuntu-upgrade-linux-image-5-15-0-1093-gkeubuntu-upgrade-linux-image-5-15-0-1094-oracleubuntu-upgrade-linux-image-5-15-0-1096-realtimeubuntu-upgrade-linux-image-5-15-0-1097-awsubuntu-upgrade-linux-image-5-15-0-1097-aws-64kubuntu-upgrade-linux-image-5-15-0-1097-aws-fipsubuntu-upgrade-linux-image-5-15-0-1097-gcpubuntu-upgrade-linux-image-5-15-0-1097-gcp-fipsubuntu-upgrade-linux-image-5-15-0-1101-azureubuntu-upgrade-linux-image-5-15-0-1101-azure-fipsubuntu-upgrade-linux-image-5-15-0-1102-azureubuntu-upgrade-linux-image-5-15-0-163-fipsubuntu-upgrade-linux-image-5-15-0-163-genericubuntu-upgrade-linux-image-5-15-0-163-generic-64kubuntu-upgrade-linux-image-5-15-0-163-generic-lpaeubuntu-upgrade-linux-image-5-15-0-163-lowlatencyubuntu-upgrade-linux-image-5-15-0-163-lowlatency-64kubuntu-upgrade-linux-image-6-14-0-1007-azure-nvidiaubuntu-upgrade-linux-image-6-14-0-1014-azureubuntu-upgrade-linux-image-6-14-0-1014-oemubuntu-upgrade-linux-image-6-14-0-1014-realtimeubuntu-upgrade-linux-image-6-14-0-1015-awsubuntu-upgrade-linux-image-6-14-0-1015-aws-64kubuntu-upgrade-linux-image-6-14-0-1015-oracleubuntu-upgrade-linux-image-6-14-0-1015-oracle-64kubuntu-upgrade-linux-image-6-14-0-1016-raspiubuntu-upgrade-linux-image-6-14-0-1018-gcpubuntu-upgrade-linux-image-6-14-0-1018-gcp-64kubuntu-upgrade-linux-image-6-14-0-34-genericubuntu-upgrade-linux-image-6-14-0-34-generic-64kubuntu-upgrade-linux-image-6-8-0-100-genericubuntu-upgrade-linux-image-6-8-0-100-generic-64kubuntu-upgrade-linux-image-6-8-0-1047-gcpubuntu-upgrade-linux-image-6-8-0-1047-gcp-64kubuntu-upgrade-linux-image-6-8-0-1047-raspiubuntu-upgrade-linux-image-6-8-1-1041-realtimeubuntu-upgrade-linux-image-awsubuntu-upgrade-linux-image-aws-5-15ubuntu-upgrade-linux-image-aws-6-14ubuntu-upgrade-linux-image-aws-64kubuntu-upgrade-linux-image-aws-64k-5-15ubuntu-upgrade-linux-image-aws-64k-6-14ubuntu-upgrade-linux-image-aws-64k-lts-22-04ubuntu-upgrade-linux-image-aws-fipsubuntu-upgrade-linux-image-aws-fips-5-15ubuntu-upgrade-linux-image-aws-lts-22-04ubuntu-upgrade-linux-image-azureubuntu-upgrade-linux-image-azure-5-15ubuntu-upgrade-linux-image-azure-6-14ubuntu-upgrade-linux-image-azure-cvmubuntu-upgrade-linux-image-azure-fipsubuntu-upgrade-linux-image-azure-fips-5-15ubuntu-upgrade-linux-image-azure-lts-22-04ubuntu-upgrade-linux-image-azure-nvidiaubuntu-upgrade-linux-image-azure-nvidia-6-14ubuntu-upgrade-linux-image-fipsubuntu-upgrade-linux-image-fips-5-15ubuntu-upgrade-linux-image-gcpubuntu-upgrade-linux-image-gcp-5-15ubuntu-upgrade-linux-image-gcp-6-14ubuntu-upgrade-linux-image-gcp-6-8ubuntu-upgrade-linux-image-gcp-64kubuntu-upgrade-linux-image-gcp-64k-6-14ubuntu-upgrade-linux-image-gcp-64k-6-8ubuntu-upgrade-linux-image-gcp-fipsubuntu-upgrade-linux-image-gcp-fips-5-15ubuntu-upgrade-linux-image-gcp-lts-22-04ubuntu-upgrade-linux-image-genericubuntu-upgrade-linux-image-generic-5-15ubuntu-upgrade-linux-image-generic-6-14ubuntu-upgrade-linux-image-generic-6-8ubuntu-upgrade-linux-image-generic-64kubuntu-upgrade-linux-image-generic-64k-5-15ubuntu-upgrade-linux-image-generic-64k-6-14ubuntu-upgrade-linux-image-generic-64k-6-8ubuntu-upgrade-linux-image-generic-64k-hwe-20-04ubuntu-upgrade-linux-image-generic-64k-hwe-24-04ubuntu-upgrade-linux-image-generic-hwe-20-04ubuntu-upgrade-linux-image-generic-hwe-24-04ubuntu-upgrade-linux-image-generic-lpaeubuntu-upgrade-linux-image-generic-lpae-5-15ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04ubuntu-upgrade-linux-image-gkeubuntu-upgrade-linux-image-gke-5-15ubuntu-upgrade-linux-image-gkeopubuntu-upgrade-linux-image-gkeop-5-15ubuntu-upgrade-linux-image-ibmubuntu-upgrade-linux-image-ibm-5-15ubuntu-upgrade-linux-image-intelubuntu-upgrade-linux-image-intel-iot-realtimeubuntu-upgrade-linux-image-intel-iot-realtime-5-15ubuntu-upgrade-linux-image-intel-iotgubuntu-upgrade-linux-image-intel-iotg-5-15ubuntu-upgrade-linux-image-kvmubuntu-upgrade-linux-image-kvm-5-15ubuntu-upgrade-linux-image-lowlatencyubuntu-upgrade-linux-image-lowlatency-5-15ubuntu-upgrade-linux-image-lowlatency-64kubuntu-upgrade-linux-image-lowlatency-64k-5-15ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04ubuntu-upgrade-linux-image-lowlatency-hwe-20-04ubuntu-upgrade-linux-image-nvidiaubuntu-upgrade-linux-image-nvidia-5-15ubuntu-upgrade-linux-image-nvidia-lowlatencyubuntu-upgrade-linux-image-nvidia-lowlatency-5-15ubuntu-upgrade-linux-image-nvidia-tegraubuntu-upgrade-linux-image-nvidia-tegra-5-15ubuntu-upgrade-linux-image-nvidia-tegra-igxubuntu-upgrade-linux-image-nvidia-tegra-igx-5-15ubuntu-upgrade-linux-image-nvidia-tegra-igx-rtubuntu-upgrade-linux-image-nvidia-tegra-igx-rt-5-15ubuntu-upgrade-linux-image-nvidia-tegra-rtubuntu-upgrade-linux-image-nvidia-tegra-rt-5-15ubuntu-upgrade-linux-image-oem-20-04ubuntu-upgrade-linux-image-oem-20-04bubuntu-upgrade-linux-image-oem-20-04cubuntu-upgrade-linux-image-oem-20-04dubuntu-upgrade-linux-image-oem-24-04ubuntu-upgrade-linux-image-oem-24-04aubuntu-upgrade-linux-image-oem-24-04bubuntu-upgrade-linux-image-oem-24-04cubuntu-upgrade-linux-image-oem-6-14ubuntu-upgrade-linux-image-oracleubuntu-upgrade-linux-image-oracle-5-15ubuntu-upgrade-linux-image-oracle-6-14ubuntu-upgrade-linux-image-oracle-64kubuntu-upgrade-linux-image-oracle-64k-6-14ubuntu-upgrade-linux-image-oracle-lts-22-04ubuntu-upgrade-linux-image-raspiubuntu-upgrade-linux-image-raspi-5-15ubuntu-upgrade-linux-image-raspi-6-14ubuntu-upgrade-linux-image-raspi-6-8ubuntu-upgrade-linux-image-raspi-nolpaeubuntu-upgrade-linux-image-realtimeubuntu-upgrade-linux-image-realtime-5-15ubuntu-upgrade-linux-image-realtime-6-14ubuntu-upgrade-linux-image-realtime-6-8-1ubuntu-upgrade-linux-image-realtime-hwe-22-04ubuntu-upgrade-linux-image-realtime-hwe-24-04ubuntu-upgrade-linux-image-virtualubuntu-upgrade-linux-image-virtual-5-15ubuntu-upgrade-linux-image-virtual-6-14ubuntu-upgrade-linux-image-virtual-6-8ubuntu-upgrade-linux-image-virtual-hwe-20-04ubuntu-upgrade-linux-image-virtual-hwe-24-04ubuntu-upgrade-linux-image-xilinx-zynqmpubuntu-upgrade-linux-image-xilinx-zynqmp-5-15

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today